2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef OSSL_QUIC_LOCAL_H
11 # define OSSL_QUIC_LOCAL_H
13 # include <openssl/ssl.h>
14 # include "internal/quic_ssl.h" /* QUIC_CONNECTION */
15 # include "internal/quic_txp.h"
16 # include "internal/quic_statm.h"
17 # include "internal/quic_demux.h"
18 # include "internal/quic_record_rx.h"
19 # include "internal/quic_tls.h"
20 # include "internal/quic_fc.h"
21 # include "internal/quic_stream.h"
22 # include "internal/quic_channel.h"
23 # include "internal/quic_reactor.h"
24 # include "internal/quic_thread_assist.h"
25 # include "../ssl_local.h"
27 # ifndef OPENSSL_NO_QUIC
30 * QUIC stream SSL object (QSSO) type. This implements the API personality layer
31 * for QSSO objects, wrapping the QUIC-native QUIC_STREAM object and tracking
32 * state required by the libssl API personality.
35 /* SSL object common header. */
38 /* The connection this stream is associated with. Always non-NULL. */
39 QUIC_CONNECTION *conn;
41 /* The stream object. Always non-NULL for as long as the XSO exists. */
44 /* Is this stream in blocking mode? */
45 unsigned int blocking : 1;
48 * This state tracks SSL_write all-or-nothing (AON) write semantics
53 * t=0: aon_write_in_progress=0
54 * t=1: SSL_write(ssl, b1, l1) called;
55 * too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
56 * aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
57 * aon_buf_pos < l1 (depends on how much room was in sstream);
58 * t=2: SSL_write(ssl, b2, l2);
59 * b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
60 * l2 must equal l1 (always validated)
61 * append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
62 * if done, aon_write_in_progess=0
65 /* Is an AON write in progress? */
66 unsigned int aon_write_in_progress : 1;
68 * The base buffer pointer the caller passed us for the initial AON write
69 * call. We use this for validation purposes unless
70 * ACCEPT_MOVING_WRITE_BUFFER is enabled.
72 * NOTE: We never dereference this, as the caller might pass a different
73 * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
74 * validation by pointer comparison only.
76 const unsigned char *aon_buf_base;
77 /* The total length of the AON buffer being sent, in bytes. */
80 * The position in the AON buffer up to which we have successfully sent data
89 * Last 'normal' error during an app-level I/O operation, used by
90 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
91 * and SSL_ERROR_WANT_WRITE.
98 * ssl_st is a common header for ordinary SSL objects, QUIC connection
99 * objects and QUIC stream objects, allowing objects of these different
100 * types to be disambiguated at runtime and providing some common fields.
102 * Note: This must come first in the QUIC_CONNECTION structure.
109 * The QUIC channel providing the core QUIC connection implementation. Note
110 * that this is not instantiated until we actually start trying to do the
111 * handshake. This is to allow us to gather information like whether we are
112 * going to be in client or server mode before committing to instantiating
113 * the channel, since we want to determine the channel arguments based on
116 * The channel remains available after connection termination until the SSL
117 * object is freed, thus (ch != NULL) iff (started == 1).
122 * The mutex used to synchronise access to the QUIC_CHANNEL. We own this but
123 * provide it to the channel.
128 * If we have a default stream attached, this is the internal XSO
129 * object. If there is no default stream, this is NULL.
131 QUIC_XSO *default_xso;
133 /* The network read and write BIOs. */
134 BIO *net_rbio, *net_wbio;
136 /* Initial peer L4 address. */
137 BIO_ADDR init_peer_addr;
139 # ifndef OPENSSL_NO_QUIC_THREAD_ASSIST
140 /* Manages thread for QUIC thread assisted mode. */
141 QUIC_THREAD_ASSIST thread_assist;
144 /* If non-NULL, used instead of ossl_time_now(). Used for testing. */
145 OSSL_TIME (*override_now_cb)(void *arg);
146 void *override_now_cb_arg;
148 /* Number of XSOs allocated. Includes the default XSO, if any. */
151 /* Have we started? */
152 unsigned int started : 1;
154 /* Can the read and write network BIOs support blocking? */
155 unsigned int can_poll_net_rbio : 1;
156 unsigned int can_poll_net_wbio : 1;
159 * This is 1 if we were instantiated using a QUIC server method
162 unsigned int as_server : 1;
165 * Has the application called SSL_set_accept_state? We require this to be
166 * congruent with the value of as_server.
168 unsigned int as_server_state : 1;
170 /* Are we using thread assisted mode? Never changes after init. */
171 unsigned int is_thread_assisted : 1;
173 /* Do connection-level operations (e.g. handshakes) run in blocking mode? */
174 unsigned int blocking : 1;
176 /* Do newly created streams start in blocking mode? Inherited by new XSOs. */
177 unsigned int default_blocking : 1;
179 /* Have we created a default XSO yet? */
180 unsigned int default_xso_created : 1;
182 /* Default stream type. Defaults to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI. */
183 uint32_t default_stream_mode;
185 /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
186 uint32_t default_ssl_mode;
188 /* SSL_set_incoming_stream_policy. */
189 int incoming_stream_policy;
190 uint64_t incoming_stream_aec;
193 * Last 'normal' error during an app-level I/O operation, used by
194 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
195 * and SSL_ERROR_WANT_WRITE.
200 /* Internal calls to the QUIC CSM which come from various places. */
201 int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc);
204 * To be called when a protocol violation occurs. The connection is torn down
205 * with the given error code, which should be a QUIC_ERR_* value. Reason string
206 * is optional and copied if provided. frame_type should be 0 if not applicable.
208 void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,
213 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
214 OSSL_QUIC_FRAME_CONN_CLOSE *f);
216 int ossl_quic_trace(int write_p, int version, int content_type,
217 const void *buf, size_t msglen, SSL *ssl, void *arg);
219 # define OSSL_QUIC_ANY_VERSION 0xFFFFF
221 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
222 ((ssl) == NULL ? NULL \
223 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
224 ? (c QUIC_CONNECTION *)(ssl) \
227 # define QUIC_XSO_FROM_SSL_int(ssl, c) \
230 : (((ssl)->type == SSL_TYPE_QUIC_XSO \
231 ? (c QUIC_XSO *)(ssl) \
232 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
233 ? (c QUIC_XSO *)((QUIC_CONNECTION *)(ssl))->default_xso \
236 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \
237 ((ssl) == NULL ? NULL \
238 : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
239 ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
242 # define IS_QUIC(ssl) ((ssl) != NULL \
243 && ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
244 || (ssl)->type == SSL_TYPE_QUIC_XSO))
246 # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL
247 # define QUIC_XSO_FROM_SSL_int(ssl, c) NULL
248 # define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL
249 # define IS_QUIC(ssl) 0
252 # define QUIC_CONNECTION_FROM_SSL(ssl) \
253 QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
254 # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
255 QUIC_CONNECTION_FROM_SSL_int(ssl, const)
256 # define QUIC_XSO_FROM_SSL(ssl) \
257 QUIC_XSO_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
258 # define QUIC_XSO_FROM_CONST_SSL(ssl) \
259 QUIC_XSO_FROM_SSL_int(ssl, const)
260 # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
261 SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
262 # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
263 SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const)
265 # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
266 q_connect, enc_data) \
267 const SSL_METHOD *func_name(void) \
269 static const SSL_METHOD func_name##_data= { \
284 NULL /* shutdown */, \
285 NULL /* renegotiate */, \
286 ossl_quic_renegotiate_check, \
287 NULL /* read_bytes */, \
288 NULL /* write_bytes */, \
289 NULL /* dispatch_alert */, \
291 ossl_quic_ctx_ctrl, \
292 NULL /* get_cipher_by_char */, \
293 NULL /* put_cipher_by_char */, \
295 ossl_quic_num_ciphers, \
296 ossl_quic_get_cipher, \
297 tls1_default_timeout, \
299 ssl_undefined_void_function, \
300 ossl_quic_callback_ctrl, \
301 ossl_quic_ctx_callback_ctrl, \
303 return &func_name##_data; \